Cyber Incident Victim: Evernote Corporation
Date:
Jun 2014
Location:
United States of America
Summary
A distributed denial-of-service attack disrupted the online note-taking service, causing extended outages that prevented millions of users from accessing or syncing their data across devices. The company mitigated the attack but warned of potential residual service instability. This incident followed an earlier security breach where attackers accessed user credentials—including usernames, email addresses, and cryptographically protected passwords—prompting a mandatory password reset for all accounts as a precautionary measure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 10, 2014, Evernote experienced a distributed denial-of-service (DDoS) attack that disrupted service for millions of users globally. The attack commenced at approximately 10:45 BST, targeting the company’s infrastructure and rendering its cloud-based note synchronization and access features inoperable. Users reported immediate inability to sync notes, web clippings, or files across devices, effectively severing core functionality of the platform. Evernote’s official Twitter account confirmed the outage within hours, stating the service was unavailable and that engineers were actively working to resolve the issue. By the evening of the same day, the company announced via social media that it had neutralized the attack and restored service, though it cautioned users about potential intermittent disruptions or “hiccups” during the subsequent 24-hour recovery period. The incident marked a significant operational disruption for Evernote’s estimated 100 million users, though no data breach or unauthorized access to user content occurred during the DDoS event.
This was not Evernote’s first major cybersecurity incident. In early 2013, the company disclosed a separate security breach in which attackers infiltrated its systems and accessed user account information, including usernames, email addresses, and encrypted passwords. Evernote had stored passwords using cryptographic hashing with random “salt” values to complicate decryption attempts, a practice that prevented plaintext exposure. Despite this safeguard, the company mandated a full password reset for all users as a precautionary measure, citing concerns that attackers might eventually crack weaker hashed credentials. The 2013 breach did not involve financial data or user-created content such as notes or attachments, but it underscored systemic vulnerabilities that preceded the 2014 DDoS attack. Both incidents collectively highlighted recurring challenges in maintaining service availability and data security for a platform handling sensitive user information at scale.